Added Title

Implementing open source security information and event management system

Date of Publication


Document Type

Master's Thesis

Degree Name

Master in Information Security

Subject Categories

Computer Sciences | Information Security


College of Computer Studies


Computer Technology

Thesis Advisor

Fritz Kevin S. Flores

Defense Panel Chair

Gregory G. Cu

Defense Panel Member

Arlyn Verina L. Ong
Marnel S. Peradilla


Cybersecurity is an essential part of IT operations in the 21st century, there has been an increase in attacks on businesses by malicious individuals for monetary gain to access sensitive information, and manually investigating each host for suspicious activity is ineffective and reactive, and most of the time early warning signs of an attack are hard to identify. Security Information and Event Management (SIEM) is a set of tools and services that can provide a holistic overview of the organization's information security posture. However, SIEM can be expensive because of its license cost, maintenance, and resource requirements. This project evaluates known open-source SIEM solutions using Strength and Weakness, and Opportunity and Threats analysis that fit with the needs of DLSU CCS-TSG with minimal cost implementation design in mind. The chosen SIEM was deployed, configured, and optimized to improve the detection capabilities for adversarial tactics based on the MITRE ATT&CK framework on Unix-based Operating Systems. To validate the efficacy of the SIEM deployed and rule optimization in system auditing, an attack simulation was conducted based on commands from tactics for Discovery, Credential Access, and Persistence from MITRE ATT&CK. In conclusion, the SIEM helped the organization to centrally collect data across the network environment to gain real-time visibility into activities that may potentially induce risk and help the organization address the issues before becoming a significant financial risk. Lastly, it was proven that optimizing both SIEM and host system auditing to correlate and work with each other improved the detection capabilities of the SIEM. However, a proper set of training to manage, maintain, and improve the skillset and gain experience in cybersecurity to discern potential threats vs. false positives is an essential part of the SIEM to be effective.

Keywords: Cyber Security Operations, SIEM, AuditD, Intrusion Detection, Open-Source

Abstract Format



Added title from the approval sheet.





Physical Description

104 leaves


Computer security; Intrusion detection systems (Computer security); Computer networks—Security measures

Upload Full Text


Embargo Period


Available for download on Wednesday, July 12, 2023